From 1f2477c057f9159360a479df596cdf8a3778b644 Mon Sep 17 00:00:00 2001
From: secureCodeBoxBot
Date: Wed, 26 Mar 2025 09:23:36 +0000
Subject: [PATCH 1/4] Upgrading zap from 2.16.0 to 2.16.1
Signed-off-by: secureCodeBoxBot
---
 scanners/zap/Chart.yaml | 2 +-
 scanners/zap/README.md | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/scanners/zap/Chart.yaml b/scanners/zap/Chart.yaml
index 553941f432..6c2511de82 100644
--- a/scanners/zap/Chart.yaml
+++ b/scanners/zap/Chart.yaml
@@ -8,7 +8,7 @@ description: A Helm chart for the ZAP security scanner that integrates with the
 type: application
 # version - gets automatically set to the secureCodeBox release version when the helm charts gets published
 version: v3.1.0-alpha1
-appVersion: "2.16.0"
+appVersion: "2.16.1"
 kubeVersion: ">=v1.11.0-0"
 annotations:
 versionApi: https://api.github.com/repos/zaproxy/zaproxy/releases/latest
diff --git a/scanners/zap/README.md b/scanners/zap/README.md
index b3b2673271..256ad807e6 100644
--- a/scanners/zap/README.md
+++ b/scanners/zap/README.md
@@ -3,7 +3,7 @@ title: "ZAP"
 category: "scanner"
 type: "WebApplication"
 state: "released"
-appVersion: "2.16.0"
+appVersion: "2.16.1"
 usecase: "WebApp & OpenAPI Vulnerability Scanner"
 ---
From 6afa38b2b539d428cc04d7ba2f513e0195dab9dc Mon Sep 17 00:00:00 2001
From: secureCodeBoxBot
Date: Wed, 26 Mar 2025 09:23:36 +0000
Subject: [PATCH 2/4] Upgrading zap-automation-framework from 2.16.0 to 2.16.1
Signed-off-by: secureCodeBoxBot
---
 scanners/zap-automation-framework/Chart.yaml | 2 +-
 scanners/zap-automation-framework/README.md | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/scanners/zap-automation-framework/Chart.yaml b/scanners/zap-automation-framework/Chart.yaml
index 85a2c318c5..17710804d3 100644
--- a/scanners/zap-automation-framework/Chart.yaml
+++ b/scanners/zap-automation-framework/Chart.yaml
@@ -8,7 +8,7 @@ description: A Helm chart for the ZAP Automation Framework that integrates with
 type: application
 # version - gets automatically set to the secureCodeBox release version when the helm charts gets published
 version: v3.1.0-alpha1
-appVersion: "2.16.0"
+appVersion: "2.16.1"
 kubeVersion: ">=v1.11.0-0"
 annotations:
 versionApi: https://api.github.com/repos/zaproxy/zaproxy/releases/latest
diff --git a/scanners/zap-automation-framework/README.md b/scanners/zap-automation-framework/README.md
index 8eeb109cac..feaff395e7 100644
--- a/scanners/zap-automation-framework/README.md
+++ b/scanners/zap-automation-framework/README.md
@@ -3,7 +3,7 @@ title: "ZAP Automation Framework"
 category: "scanner"
 type: "WebApplication"
 state: "released"
-appVersion: "2.16.0"
+appVersion: "2.16.1"
 usecase: "WebApp & OpenAPI Vulnerability Scanner"
 ---
From 48fcf4ee4fbaea63b7dc4c96d1b49659606d0c2a Mon Sep 17 00:00:00 2001
From: secureCodeBoxBot
Date: Wed, 26 Mar 2025 09:23:36 +0000
Subject: [PATCH 3/4] Upgrading zap-advanced from 2.16.0 to 2.16.1
Signed-off-by: secureCodeBoxBot
---
 scanners/zap-advanced/Chart.yaml | 2 +-
 scanners/zap-advanced/README.md | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/scanners/zap-advanced/Chart.yaml b/scanners/zap-advanced/Chart.yaml
index 1c34585a3a..a6bcd27c88 100644
--- a/scanners/zap-advanced/Chart.yaml
+++ b/scanners/zap-advanced/Chart.yaml
@@ -8,7 +8,7 @@ description: A Helm chart for the ZAP (extended with advanced authentication fea
 type: application
 # version - gets automatically set to the secureCodeBox release version when the helm charts gets published
 version: v3.1.0-alpha1
-appVersion: "2.16.0"
+appVersion: "2.16.1"
 kubeVersion: ">=v1.11.0-0"
 annotations:
 versionApi: https://api.github.com/repos/zaproxy/zaproxy/releases/latest
diff --git a/scanners/zap-advanced/README.md b/scanners/zap-advanced/README.md
index eabade968a..6314ae6adf 100644
--- a/scanners/zap-advanced/README.md
+++ b/scanners/zap-advanced/README.md
@@ -3,7 +3,7 @@ title: "ZAP Advanced"
 category: "scanner"
 type: "WebApplication"
 state: "released"
-appVersion: "2.16.0"
+appVersion: "2.16.1"
 usecase: "WebApp & OpenAPI Vulnerability Scanner extend with authentication features"
 ---
From 98b7edce6b6180f9481fab00bb4059c8e6e6fe80 Mon Sep 17 00:00:00 2001
From: Jannik Hollenbach
Date: Tue, 1 Apr 2025 13:01:59 +0200
Subject: [PATCH 4/4] Migrate ZAP docker repo away from now deprecated softwaresecurityproject docker hub org
Signed-off-by: Jannik Hollenbach
---
 scanners/zap-advanced/README.md | 2 +-
 scanners/zap-advanced/docs/README.ArtifactHub.md | 2 +-
 .../tests/__snapshot__/scanner_test.yaml.snap | 2 +-
 scanners/zap-advanced/values.yaml | 2 +-
 scanners/zap-automation-framework/README.md | 2 +-
 .../zap-automation-framework/docs/README.ArtifactHub.md | 2 +-
 .../tests/__snapshot__/scanner_test.yaml.snap | 2 +-
 scanners/zap-automation-framework/values.yaml | 2 +-
 scanners/zap/README.md | 2 +-
 scanners/zap/docs/README.ArtifactHub.md | 2 +-
 scanners/zap/tests/__snapshot__/scanner_test.yaml.snap | 8 ++++----
 scanners/zap/values.yaml | 2 +-
 12 files changed, 15 insertions(+), 15 deletions(-)
diff --git a/scanners/zap-advanced/README.md b/scanners/zap-advanced/README.md
index 6314ae6adf..97178085b6 100644
--- a/scanners/zap-advanced/README.md
+++ b/scanners/zap-advanced/README.md
@@ -524,7 +524,7 @@ zapConfiguration:
 | zapContainer.envFrom | list | `[]` | Optional mount environment variables from configMaps or secrets (see: https://kubernetes.io/docs/tasks/inject-data-application/distribute-credentials-secure/#configure-all-key-value-pairs-in-a-secret-as-container-environment-variables) |
 | zapContainer.extraVolumeMounts | list | `[{"mountPath":"/home/zap/.ZAP_D/scripts/scripts/authentication/","name":"zap-scripts-authentication","readOnly":true},{"mountPath":"/home/zap/.ZAP_D/scripts/scripts/session/","name":"zap-scripts-session","readOnly":true}]` | Optional VolumeMounts mapped into each scanJob (see: https://kubernetes.io/docs/concepts/storage/volumes/) |
 | zapContainer.image.pullPolicy | string | `"IfNotPresent"` | Image pull policy. One of Always, Never, IfNotPresent. Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images |
-| zapContainer.image.repository | string | `"softwaresecurityproject/zap-stable"` | Container Image to run the scan |
+| zapContainer.image.repository | string | `"docker.io/zaproxy/zap-stable"` | Container Image to run the scan |
 | zapContainer.image.tag | string | `nil` | defaults to the charts appVersion |
 | zapContainer.resources | object | `{}` | CPU/memory resource requests/limits (see: https://kubernetes.io/docs/tasks/configure-pod-container/assign-memory-resource/, https://kubernetes.io/docs/tasks/configure-pod-container/assign-cpu-resource/) |
 | zapContainer.securityContext.allowPrivilegeEscalation | bool | `false` | |
diff --git a/scanners/zap-advanced/docs/README.ArtifactHub.md b/scanners/zap-advanced/docs/README.ArtifactHub.md
index 57bb033607..e625ee9a78 100644
--- a/scanners/zap-advanced/docs/README.ArtifactHub.md
+++ b/scanners/zap-advanced/docs/README.ArtifactHub.md
@@ -529,7 +529,7 @@ zapConfiguration:
 | zapContainer.envFrom | list | `[]` | Optional mount environment variables from configMaps or secrets (see: https://kubernetes.io/docs/tasks/inject-data-application/distribute-credentials-secure/#configure-all-key-value-pairs-in-a-secret-as-container-environment-variables) |
 | zapContainer.extraVolumeMounts | list | `[{"mountPath":"/home/zap/.ZAP_D/scripts/scripts/authentication/","name":"zap-scripts-authentication","readOnly":true},{"mountPath":"/home/zap/.ZAP_D/scripts/scripts/session/","name":"zap-scripts-session","readOnly":true}]` | Optional VolumeMounts mapped into each scanJob (see: https://kubernetes.io/docs/concepts/storage/volumes/) |
 | zapContainer.image.pullPolicy | string | `"IfNotPresent"` | Image pull policy. One of Always, Never, IfNotPresent. Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images |
-| zapContainer.image.repository | string | `"softwaresecurityproject/zap-stable"` | Container Image to run the scan |
+| zapContainer.image.repository | string | `"docker.io/zaproxy/zap-stable"` | Container Image to run the scan |
 | zapContainer.image.tag | string | `nil` | defaults to the charts appVersion |
 | zapContainer.resources | object | `{}` | CPU/memory resource requests/limits (see: https://kubernetes.io/docs/tasks/configure-pod-container/assign-memory-resource/, https://kubernetes.io/docs/tasks/configure-pod-container/assign-cpu-resource/) |
 | zapContainer.securityContext.allowPrivilegeEscalation | bool | `false` | |
diff --git a/scanners/zap-advanced/tests/__snapshot__/scanner_test.yaml.snap b/scanners/zap-advanced/tests/__snapshot__/scanner_test.yaml.snap
index 9f5770a1db..d6740a7bd7 100644
--- a/scanners/zap-advanced/tests/__snapshot__/scanner_test.yaml.snap
+++ b/scanners/zap-advanced/tests/__snapshot__/scanner_test.yaml.snap
@@ -148,7 +148,7 @@ matches the snapshot:
 - api.disablekey=true
 env: []
 envFrom: []
- image: softwaresecurityproject/zap-stable:0.0.0
+ image: docker.io/zaproxy/zap-stable:0.0.0
 imagePullPolicy: IfNotPresent
 name: zap-sidecar
 ports:
diff --git a/scanners/zap-advanced/values.yaml b/scanners/zap-advanced/values.yaml
index efd51d7ad9..436bce6289 100644
--- a/scanners/zap-advanced/values.yaml
+++ b/scanners/zap-advanced/values.yaml
@@ -133,7 +133,7 @@ scanner:
 zapContainer:
 image:
 # -- Container Image to run the scan
- repository: softwaresecurityproject/zap-stable
+ repository: docker.io/zaproxy/zap-stable
 # -- defaults to the charts appVersion
 tag: null
 # -- Image pull policy. One of Always, Never, IfNotPresent. Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images
diff --git a/scanners/zap-automation-framework/README.md b/scanners/zap-automation-framework/README.md
index feaff395e7..57b2c3b1e1 100644
--- a/scanners/zap-automation-framework/README.md
+++ b/scanners/zap-automation-framework/README.md
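Review bot: In scanners/zap-advanced/values.yaml the comment above the new `repository: docker.io/zaproxy/zap-stable` default still reads only "Container Image to run the scan", so nothing at the point of use records which publisher the chart now trusts or that the `softwaresecurityproject` organisation it replaces is deprecated. The default image is resolved by tag alone (`tag: null`, falling back to the chart's appVersion), so what a scan job runs depends on what that organisation publishes under the tag; these hunks do not show whether the templates accept a digest. I would extend the helm-docs comment to `# -- Container Image to run the scan (ZAP project's Docker Hub organisation; replaces the deprecated softwaresecurityproject one)` and call out the new default in the release notes, because clusters whose registry allow-lists or pull-through mirrors are keyed on the old name will presumably need updating. The same applies to the values.yaml hunks for zap-automation-framework and zap, where the comment carries the `scanner.image.repository --` prefix.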
@@ -495,7 +495,7 @@ Alternatively, have a look at the [official documentation](https://www.zaproxy.o
 | scanner.extraVolumeMounts | list | `[{"mountPath":"/zap/wrk","name":"zap-workdir"},{"mountPath":"/zap/zap-entrypoint.bash","name":"zap-automation-framework-entrypoint","readOnly":true,"subPath":"zap-entrypoint.bash"}]` | Optional VolumeMounts mapped into each scanJob (see: https://kubernetes.io/docs/concepts/storage/volumes/) |
 | scanner.extraVolumes | list | `[{"emptyDir":{},"name":"zap-workdir"},{"configMap":{"name":"zap-automation-framework-entrypoint"},"name":"zap-automation-framework-entrypoint"}]` | Optional Volumes mapped into each scanJob (see: https://kubernetes.io/docs/concepts/storage/volumes/) |
 | scanner.image.pullPolicy | string | `"IfNotPresent"` | Image pull policy. One of Always, Never, IfNotPresent. Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images |
-| scanner.image.repository | string | `"softwaresecurityproject/zap-stable"` | Container Image to run the scan |
+| scanner.image.repository | string | `"docker.io/zaproxy/zap-stable"` | Container Image to run the scan |
 | scanner.image.tag | string | `nil` | defaults to the charts appVersion |
 | scanner.nameAppend | string | `nil` | append a string to the default scantype name. |
 | scanner.nodeSelector | object | `{}` | Optional nodeSelector settings that control how the scanner job is scheduled (see: https://kubernetes.io/docs/tasks/configure-pod-container/assign-pods-nodes/) |
diff --git a/scanners/zap-automation-framework/docs/README.ArtifactHub.md b/scanners/zap-automation-framework/docs/README.ArtifactHub.md
index 67e910eb80..e964060322 100644
--- a/scanners/zap-automation-framework/docs/README.ArtifactHub.md
+++ b/scanners/zap-automation-framework/docs/README.ArtifactHub.md
@@ -500,7 +500,7 @@ Alternatively, have a look at the [official documentation](https://www.zaproxy.o
 | scanner.extraVolumeMounts | list | `[{"mountPath":"/zap/wrk","name":"zap-workdir"},{"mountPath":"/zap/zap-entrypoint.bash","name":"zap-automation-framework-entrypoint","readOnly":true,"subPath":"zap-entrypoint.bash"}]` | Optional VolumeMounts mapped into each scanJob (see: https://kubernetes.io/docs/concepts/storage/volumes/) |
 | scanner.extraVolumes | list | `[{"emptyDir":{},"name":"zap-workdir"},{"configMap":{"name":"zap-automation-framework-entrypoint"},"name":"zap-automation-framework-entrypoint"}]` | Optional Volumes mapped into each scanJob (see: https://kubernetes.io/docs/concepts/storage/volumes/) |
 | scanner.image.pullPolicy | string | `"IfNotPresent"` | Image pull policy. One of Always, Never, IfNotPresent. Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images |
-| scanner.image.repository | string | `"softwaresecurityproject/zap-stable"` | Container Image to run the scan |
+| scanner.image.repository | string | `"docker.io/zaproxy/zap-stable"` | Container Image to run the scan |
 | scanner.image.tag | string | `nil` | defaults to the charts appVersion |
 | scanner.nameAppend | string | `nil` | append a string to the default scantype name. |
 | scanner.nodeSelector | object | `{}` | Optional nodeSelector settings that control how the scanner job is scheduled (see: https://kubernetes.io/docs/tasks/configure-pod-container/assign-pods-nodes/) |
diff --git a/scanners/zap-automation-framework/tests/__snapshot__/scanner_test.yaml.snap b/scanners/zap-automation-framework/tests/__snapshot__/scanner_test.yaml.snap
index cc80532f09..602f87a188 100644
--- a/scanners/zap-automation-framework/tests/__snapshot__/scanner_test.yaml.snap
+++ b/scanners/zap-automation-framework/tests/__snapshot__/scanner_test.yaml.snap
@@ -94,7 +94,7 @@ matches the snapshot:
 - /zap/zap-entrypoint.bash
 env: []
 envFrom: []
- image: softwaresecurityproject/zap-stable:0.0.0
+ image: docker.io/zaproxy/zap-stable:0.0.0
 imagePullPolicy: IfNotPresent
 name: zap-automation-framework
 resources:
diff --git a/scanners/zap-automation-framework/values.yaml b/scanners/zap-automation-framework/values.yaml
index 5c88a1b927..9d10825d13 100644
--- a/scanners/zap-automation-framework/values.yaml
+++ b/scanners/zap-automation-framework/values.yaml
@@ -38,7 +38,7 @@ parser:
 scanner:
 image:
 # scanner.image.repository -- Container Image to run the scan
- repository: softwaresecurityproject/zap-stable
+ repository: docker.io/zaproxy/zap-stable
 # scanner.image.tag -- defaults to the charts appVersion
 tag: null
 # -- Image pull policy. One of Always, Never, IfNotPresent. Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images
diff --git a/scanners/zap/README.md b/scanners/zap/README.md
index 256ad807e6..b162ad6bfd 100644
--- a/scanners/zap/README.md
+++ b/scanners/zap/README.md
@@ -288,7 +288,7 @@ Alternatively, have a look at the [official documentation](https://www.zaproxy.o
 | scanner.extraVolumeMounts | list | `[{"mountPath":"/zap/wrk","name":"zap-workdir"}]` | Optional VolumeMounts mapped into each scanJob (see: https://kubernetes.io/docs/concepts/storage/volumes/) |
 | scanner.extraVolumes | list | `[{"emptyDir":{},"name":"zap-workdir"}]` | Optional Volumes mapped into each scanJob (see: https://kubernetes.io/docs/concepts/storage/volumes/) |
 | scanner.image.pullPolicy | string | `"IfNotPresent"` | Image pull policy. One of Always, Never, IfNotPresent. Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images |
-| scanner.image.repository | string | `"softwaresecurityproject/zap-stable"` | Container Image to run the scan |
+| scanner.image.repository | string | `"docker.io/zaproxy/zap-stable"` | Container Image to run the scan |
 | scanner.image.tag | string | `nil` | defaults to the charts appVersion |
 | scanner.nameAppend | string | `nil` | append a string to the default scantype name. |
 | scanner.nodeSelector | object | `{}` | Optional nodeSelector settings that control how the scanner job is scheduled (see: https://kubernetes.io/docs/tasks/configure-pod-container/assign-pods-nodes/) |
diff --git a/scanners/zap/docs/README.ArtifactHub.md b/scanners/zap/docs/README.ArtifactHub.md
index 011d7c52a8..cf6c23c19e 100644
--- a/scanners/zap/docs/README.ArtifactHub.md
+++ b/scanners/zap/docs/README.ArtifactHub.md
@@ -293,7 +293,7 @@ Alternatively, have a look at the [official documentation](https://www.zaproxy.o
 | scanner.extraVolumeMounts | list | `[{"mountPath":"/zap/wrk","name":"zap-workdir"}]` | Optional VolumeMounts mapped into each scanJob (see: https://kubernetes.io/docs/concepts/storage/volumes/) |
 | scanner.extraVolumes | list | `[{"emptyDir":{},"name":"zap-workdir"}]` | Optional Volumes mapped into each scanJob (see: https://kubernetes.io/docs/concepts/storage/volumes/) |
 | scanner.image.pullPolicy | string | `"IfNotPresent"` | Image pull policy. One of Always, Never, IfNotPresent. Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images |
-| scanner.image.repository | string | `"softwaresecurityproject/zap-stable"` | Container Image to run the scan |
+| scanner.image.repository | string | `"docker.io/zaproxy/zap-stable"` | Container Image to run the scan |
 | scanner.image.tag | string | `nil` | defaults to the charts appVersion |
 | scanner.nameAppend | string | `nil` | append a string to the default scantype name. |
 | scanner.nodeSelector | object | `{}` | Optional nodeSelector settings that control how the scanner job is scheduled (see: https://kubernetes.io/docs/tasks/configure-pod-container/assign-pods-nodes/) |
diff --git a/scanners/zap/tests/__snapshot__/scanner_test.yaml.snap b/scanners/zap/tests/__snapshot__/scanner_test.yaml.snap
index 8d4379a29f..260491a3fc 100644
--- a/scanners/zap/tests/__snapshot__/scanner_test.yaml.snap
+++ b/scanners/zap/tests/__snapshot__/scanner_test.yaml.snap
@@ -88,7 +88,7 @@ matches the snapshot:
 - ../../home/securecodebox/zap-results.xml
 env: []
 envFrom: []
- image: softwaresecurityproject/zap-stable:0.0.0
+ image: docker.io/zaproxy/zap-stable:0.0.0
 imagePullPolicy: IfNotPresent
 name: zap-baseline-scan
 resources:
@@ -139,7 +139,7 @@ matches the snapshot:
 - ../../home/securecodebox/zap-results.xml
 env: []
 envFrom: []
- image: softwaresecurityproject/zap-stable:0.0.0
+ image: docker.io/zaproxy/zap-stable:0.0.0
 name: zap-api-scan
 resources:
 foo: bar
@@ -187,7 +187,7 @@ matches the snapshot:
 - ../../home/securecodebox/zap-results.xml
 env: []
 envFrom: []
- image: softwaresecurityproject/zap-stable:0.0.0
+ image: docker.io/zaproxy/zap-stable:0.0.0
 imagePullPolicy: IfNotPresent
 name: zap-full-scan
 resources:
@@ -234,7 +234,7 @@ matches the snapshot:
 - -cmd
 env: []
 envFrom: []
- image: softwaresecurityproject/zap-stable:0.0.0
+ image: docker.io/zaproxy/zap-stable:0.0.0
 imagePullPolicy: IfNotPresent
 name: zap-automation-scan
 resources:
diff --git a/scanners/zap/values.yaml b/scanners/zap/values.yaml
index 6ae361a6b4..d53611b223 100644
--- a/scanners/zap/values.yaml
+++ b/scanners/zap/values.yaml
@@ -38,7 +38,7 @@ parser:
 scanner:
 image:
 # scanner.image.repository -- Container Image to run the scan
- repository: softwaresecurityproject/zap-stable
+ repository: docker.io/zaproxy/zap-stable
 # scanner.image.tag -- defaults to the charts appVersion
 tag: null
 # -- Image pull policy. One of Always, Never, IfNotPresent. Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images